1. Technical field
The invention relates to a method of using a secure device for digitally signing a document.
2. Related art
Security problems with PCs make them unsuitable for many functions since data entered by users can be manipulated or copied by an attacker. Transactions can be changed to send money to unwanted recipients or to order unwanted goods, or user credentials can be copied, providing attackers with access to systems such as those used for Internet banking.
To solve some of these problems, a user trusted device (also a “secure device”) can be used together with a PC. One such solution, the IBM Zone Trusted Information Channel (see Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, Michael Baentsch, “The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks”, In P. Lipp, A.-R. Sadeghi, and K.-M. Koch (Eds.): TRUST 2008, LNCS 4968, pp. 75-91, 2008), allows the user to verify information associated with a transaction (e.g., in the case of Internet banking the amount and recipient) before the transaction is executed by the service provider (e.g., the bank). The transaction is verified on the device, which is secure and can send the verified information to the back-end system in a secure manner.
Secure digital document signing can be one of the most significant Internet applications for the future if it can be done efficiently and securely, given the potential to improve processes for businesses and private users (speed, security, efficiency).
A scheme based on a PC or similar device such as a smart phone is not secure, since what the user sees on the device display and the document that is ultimately signed can be different. For instance, malware on the user's device can manipulate what is displayed so that it looks acceptable to the user. Thus, the document that is signed, either by the PC or by a separate signature device, can be different, making any such scheme for digital signing of limited value.
Even if the user prints the document from the device, the same problem exists: malware can alter the document sent to the printer so that it differs from the version on the device that is to be signed.
Thus, a problem with existing solutions is that a user cannot trust what is shown on the display of a device that is not secure. There is accordingly a need for improving current methods for digitally signing a document.